TCP Wrapper

Sohail Anjum
Nov 9, 2022

An iptables-based firewall filters out unwelcome network packets within the kernel’s network stack. For network services that use them, TCP Wrappers add an additional layer of protection by defining which hosts are or are not allowed to connect to “wrapped” network services.

TCP Wrapper Implementation:

TCP Wrappers help you allow or deny access to a specific service running on Linux (e.g. sshd) from a specific IP or a specific network.

TCP Wrappers Configuration Files

To determine if a client is allowed to connect to a service, TCP Wrappers reference the following two files, which are commonly referred to as hosts access files:

  • /etc/hosts.allow
  • /etc/hosts.deny

For example, to deny access from a specific IP or network, edit the hosts.deny file and add a line of the form service: IP for a single address, or service: network/netmask for a network.
The same applies to hosts.allow, for example when you deny everyone and want to allow only specific IPs or networks.

sudo nano /etc/hosts.deny

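# IP 10.10.2.157 will not be able to access/use the ssh service

sshd: 10.10.2.157

# IP 10.10.2.157 and the rest of its network will not be able to access/use the ssh service
# The net part must be the network address: a rule matches only when (client address AND mask) equals net

sshd: 10.10.2.0/255.255.255.0

# IP 10.10.2.157 will not be able to access/use the FTP service

vsftpd: 10.10.2.157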

The examples above show how to deny or allow different IPs or networks via TCP Wrappers.

For testing, make sure you have the service running on your Linux machine.

How to Edit the file:

sudo nano /etc/hosts.deny

Save the file and test it.
We have tested both services, SSH and FTP.

SSH Testing

For SSH testing, we already have the SSH service installed and running on our server, so just add the IP address to the hosts.deny file, save the file, and restart the service.

FTP Testing

Testing TCP Wrappers with FTP requires setting up the FTP service first. To set up FTP, please follow this SOP: https://www.youtube.com/watch?v=1WVBC0KBOeE and https://www.youtube.com/watch?v=N7hwrPiji3c

Edit the hosts.deny file and add the IP address (e.g. I am using my own IP).

Restart both services:

Now you can’t access the FTP service or the ssh service from the denied IP address.

Some Linux flavours don’t support TCP Wrappers with the FTP service, but SSH does support it.
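An added example, not from the original post: a small Python model of how the hosts access files are evaluated, covering only literal IPs, trailing-dot prefixes, dotted net/mask pairs and ALL. It shows the lookup order (hosts.allow first, then hosts.deny, access granted if neither matches) and that a net/mask rule matches only when the client address ANDed with the mask equals the net part. The function names and sample rules are constructed for illustration.

```python
import ipaddress

def client_matches(pattern, client_ip):
    """Match one client pattern (a subset of hosts_access(5)) against an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # "10.10.2." is a textual prefix match
        return client_ip.startswith(pattern)
    if "/" in pattern:                     # net/mask (dotted mask): (addr & mask) == net
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(ipaddress.IPv4Address(client_ip)) & mask) == net
    return pattern == client_ip            # literal address

def first_match(rules_text, daemon, client_ip):
    """True if any 'daemons: clients' line matches this daemon and client."""
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":")[0]       # ignore the optional shell-command field
        daemon_list = daemons.replace(",", " ").split()
        if daemon not in daemon_list and "ALL" not in daemon_list:
            continue
        if any(client_matches(p, client_ip) for p in clients.replace(",", " ").split()):
            return True
    return False

def access(allow_text, deny_text, daemon, client_ip):
    """hosts.allow is checked first, then hosts.deny; no match in either grants access."""
    if first_match(allow_text, daemon, client_ip):
        return "granted"
    return "denied" if first_match(deny_text, daemon, client_ip) else "granted"

# Constructed sample rules (not taken from a real host)
ALLOW = "sshd: 10.10.2.10\n"
DENY = "sshd: 10.10.2.0/255.255.255.0\nvsftpd: 10.10.2.157\n"
HOST_BITS_DENY = "sshd: 10.10.2.157/255.255.255.0\n"  # net has host bits set: never matches

if __name__ == "__main__":
    for ip in ("10.10.2.10", "10.10.2.157", "10.10.3.5"):
        print("sshd", ip, access(ALLOW, DENY, "sshd", ip))
    print("host-bits rule:", access("", HOST_BITS_DENY, "sshd", "10.10.2.157"))
```

On hosts with the TCP Wrappers utilities installed, tcpdmatch sshd 10.10.2.157 runs the same kind of check against the real /etc/hosts.allow and /etc/hosts.deny.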
